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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will appty and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filecJ on 14 March 2005 . 
2a)S This action is FINAL. 2b)n This action is non-final. 

3) 0 Since this application is in condition for allowance except for fonnal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-10 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) S Claim(s) 1-10 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10) 0 The drawing(s) filed on is/are: a)n accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet{s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action orfonm PTO-152. 

Priority under 35 U.S.C. § 119 

1 2) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



1 . Claims 1 -1 0 have been examined. 

2. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 



Response to Arguments 

3. Applicant's arguments filed March 14, 2005 have been fully considered but they 
are not persuasive. 



4. On pg. 3, 2 full paragraph, applicant argues: 

Applicant respectfully urges the Examiner to consider that nothing within the suggestion that a 
user only be permitted to access a computer during certain days and/or times of day would lead 
one having ordinary skills in the art to a system in which the user may access the system at 
anytime of the day or on each day but which varies the number of unsuccessful power-on 
password attempts in the manner set forth within the claims of the present application. A noted 
benefit of such a system is the fact that users are permitted to access the computer at anytime of 
the day or night and upon any day; however, those periods during which security breaches are 
more likely are given the additional protection of varying the number of unsuccessful power-on 
password attempts which are permitted during those periods. 

5. In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., user having access to the system at anytime of the day or on each day but which 
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varies the number of unsuccessful power-on password attempts-implied in applicant's 
argument is that the number of allowable power-on password attempts is always at 
least one) are not recited in the rejected daim(s). Although the claims are interpreted in 
light of the specification, limitations from the specification are not read into the claims. 
See In re Van Geuns, 988 F,2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Hence, 
contrary to applicant's allegations, the claimed invention is covered by the prior art of 
record. The instant claim 1 recites the following: "allowing or denying use of the 
personal computer to the user based on the security profile", "said variable security 
profile specifying: a variable number of unsuccessful power-on password attempts 
permitted based upon at least one other factor chosen from time of day and day of 
week; and a security level of authorization of the user" (claim 1). As outlined in the 
Office action dated December 13, 2005, Golding teaches a power-on password (col. 
2:18-65), and the feature of a variable number of unsuccessful password attempts 
permitted based upon at least one other factor chosen from time of day and day of week 
is clearly taught by Frisch, pg. 224-225, bullet 'Limiting user access to certain days 
and/or times of day': during certain restricted times for a specific user, the number of 
unsuccessful power-on password attempts permitted is zero, since the user is not 
allowed access; during non-restricted times, the number of unsuccessful power-on 
password attempts permitted by the user is zero or more, depending on the value 
specified by the C2 security-style password restrictions. Frisch, pgs. 160-161, 
especially Table 5-2, "u_maxtries". 
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Claim Rejections - 35 USC § 103 

6. Claims 1-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Golding et al. U.S. Patent No. 5,265,163 (hereinafter Golding) in view of Frisch 
Essential System Administration 2"^ Edition (hereinafter Frisch). 

7. As per claim 1 , Golding teaches a computer system having a power-on password 
stored in non-volatile memory wherein entry of a power-on password enables entry to 
the computer system. See Golding, col. 2, lines 18-65. Golding does not teach a 
variable security profile wherein the variable security profile is automatically generated 
when the system is turned on, the variable security profile specifying: a variable number 
of unsuccessful power-on password attempts permitted based upon at least one other 
factor chosen from time of day and day of week; and a security level of authorization of 
the user; and allowing or denying use of the personal computer to the user based on the 
security profile. Frisch teaches a variable security profile specifying a variable number 
of unsuccessful password attempts permitted based upon a security level of 
authorization of the user; and allowing or denying use of the personal computer to the 
user based on the security profile. See Frisch, pages 160-163, 'C2 security-style 
password restrictions', especially page 160, 2"^ full paragraph and page 161, Table 5-2, 
'u_maxtries\ It would be obvious to one of ordinary skill in the art at the time the 
invention was made to combine the variable security profile as taught by Frisch with the 
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power-on password check disclosed by Golding to enable a higher level of security as 
required by establishments using the system. See Frisch, page 160, l^^ull paragraph. 

8. Further, Frisch does not expressly disclose the variable security profile is 
generated automatically when the system is turned on. However, Frisch teaches 
automatically running files under the /tcb directory (the security-related directory which 
holds the protected password database disclosed by Frisch in page 160) and preparing 
the system automatically when the system is turned on with available security 
measures. See Frisch, page 111, Figure 4-1 and page 101, 'Security-related activities'. 
It would be obvious to one of ordinary skill in the art at the time the invention was made 
to generate the variable security profile when the system is turned on. Motivation to 
combine ensures security features of a system are active during the entire course of 
operation of the computer system. Ibid. 

9. Finally, Frisch does not expressly disclose the variable number of unsuccessful 
power-on password attempts permitted to be based also upon at least one other factor 
chosen from the time of day and day of week in the aforementioned sections. Frisch 
teaches, in a different section, restricting login access based on the time of day of the 
login request. See Frisch, page 224-225, 'Limiting user access to certain days and/or 
times of day'. It would be obvious to one of ordinary skill in the art at the time the 
invention was made for the number of unsuccessful power-on password attempts 
permitted to be based also upon at least one other factor chosen from time of day and 
day of week to prevent access to only those times when the user is scheduled to login, 
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which ensures a more secure login system as known to one of ordinary skill in the art 
and as taught by Frisch. Ibid. The aforementioned cover the limitations of claim 1 . 

10. As per claim 2, Golding covers a system as outlined above in the claim 1 
rejection under 35 U.S.C. 103(a). In addition, Frisch discloses including a log of the 
access attempts for the personal computer and the results of each attempt. See Frisch, 
pages 262-263, 'Monitoring unsuccessful login attempts'. The aforementioned cover 
the limitations of claim 2. 

11. As per claim 3, Golding covers a system as outlined above in the claim 2 
rejection under 35 U.S.C. 103(a). In addition, Frisch discloses only the superuser (root) 
is able to update the /etc/password and /etc/shadow files, which work in concert with the 
protected password database. See Frisch, page 144, second paragraph; pages 153- 
154, 'Shadow password files'; page 154-155, 'password file permission'. It follows that 
only the root (a system administrator) is able to update the protected password 
database to a less secure state. Motivation to update the variable security profile to a 
less secure state only by the system owner ensures only the requisite authority is able 
to change the state of the system to a less secure state as taught by Frisch. Ibid. The 
aforementioned cover the limitations of claim 3. 

12. As per claim 4, Golding covers a system as outlined above in the claim 3 
rejection under 35 U.S.C. 103(a). Golding does not disclose enabling a normal user to 
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alter the variable security profile to a more secure state. Frisch discloses additional 
security profiles to establish a level of security in the personal computer, which include 
establishing and updating permissions on files owned by a user, wherein a user is 
capable of changing the access level of their own files. See Frisch, pages 234-238, 
'AIX access control lists' and pages 25-32, Tile Ownership' and Tile Protection'. It 
would be obvious to one of ordinary skill in the art at the time the invention was made 
for a normal user to alter the variable security profile to a more secure state. Motivation 
to combine enables normal owners of files to increase restrictions on personal data as 
taught by Frisch. Ibid. The aforementioned cover the limitations of claim 4. 

13. As per claims 5 and 6, Golding covers a system as outlined above in the claim 4 
rejection above under 35 U.S.C. 103(a). Although Golding does not teach using binary 
indicators to set the secure state level, binary fields are the standard in the industry for 
storing any digital information. As argued above, normal users can change file 
permissions they own to more secure states and the root user can alter the state of a 
system to less secure states by making file and login access less restrictive. Both of 
these changes are reflected in memory as binary manipulations. Hence, the 
aforementioned cover the limitations of claims 5 and 6. 

14. As per claims 7-9, Frisch covers a method of providing improved security in a 
personal computer having an operating system and a security profile as outlined above. 
Further, as mentioned above, each user can modify the access level on files they own, 
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wherein the root user is able to modify all files, including the protected password 
database, /etc/password and /etc/shadow files. Moreover, the administrator updates 
the variable security profile in response to a security risk. See Frisch, page 223, last 
paragraph. The aforementioned cover the limitations of claims 7-9. 

15. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Golding 
in view of Frisch as applied to claims 7-9 above, and further in view of Schmidt U.S. 
Patent No. 5,912,621 (hereinafter Schmidt). 

16. As per claim 10, Golding covers a security methodology implemented in a 
personal computer as defined above in the claim 7-9 rejections under 35 U.S.C. 103(a). 
Golding does not teach that a response by the operating system is made when the 
cover of the computer is removed. Schmidt teaches a computer system responsive to 
the removal of its physical encasing; specifically, a state reporting program is run to poll 
the status of an auxiliary state element, which detects when the cover is removed. A 
state report is further submitted to security personal for examination and further action. 
See Schmidt, col. 1, line 51 -col. 2, line 7. It would be obvious to one of ordinary skill in 
the art at the time the invention was made to combine the computer cabinet security 
state detection system with a computer system restricting power-on login access using 
the variable security profile. Motivation to combine includes addressing physical threats 
to prevent tampering of the physical devices of a computer and thereby enabling a more 
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robust computer security system. See Schmidt, col. 1, lines 1-10 and 35-50. The 
aforementioned cover the limitations of claim 10. 

Conclusion 

17. THIS ACTION IS MADE FINAL Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W. Kim whose telephone number is (571) 272- 
3804. The examiner can normally be reached on M-F 9:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-21 7-91 97 (toll-free). / — ~) 




Jung W Kim 
Examiner 
Art Unit 21 32 
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